mirror of
https://github.com/Ylianst/MeshCentral.git
synced 2024-12-24 22:25:52 -05:00
Fixed AMT HTTP stack client nonce format.
This commit is contained in:
parent
71b9a5113b
commit
20ba165dc3
@ -48,9 +48,6 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
|
|||||||
obj.amtVersion = null;
|
obj.amtVersion = null;
|
||||||
|
|
||||||
obj.Address = '/wsman';
|
obj.Address = '/wsman';
|
||||||
obj.challengeParams = null;
|
|
||||||
obj.noncecounter = 1;
|
|
||||||
obj.authcounter = 0;
|
|
||||||
obj.cnonce = obj.crypto.randomBytes(16).toString('hex'); // Generate a random client nonce
|
obj.cnonce = obj.crypto.randomBytes(16).toString('hex'); // Generate a random client nonce
|
||||||
|
|
||||||
obj.host = host;
|
obj.host = host;
|
||||||
@ -164,8 +161,8 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
|
|||||||
obj.kerberosDone = 1;
|
obj.kerberosDone = 1;
|
||||||
}
|
}
|
||||||
} else if (obj.challengeParams != null) {
|
} else if (obj.challengeParams != null) {
|
||||||
var response = hex_md5(hex_md5(obj.user + ':' + obj.challengeParams['realm'] + ':' + obj.pass) + ':' + obj.challengeParams['nonce'] + ':' + obj.noncecounter + ':' + obj.cnonce + ':' + obj.challengeParams['qop'] + ':' + hex_md5(action + ':' + url + ((obj.challengeParams['qop'] == 'auth-int') ? (':' + hex_md5(postdata)) : '')));
|
var response = hex_md5(hex_md5(obj.user + ':' + obj.challengeParams['realm'] + ':' + obj.pass) + ':' + obj.challengeParams['nonce'] + ':' + nonceHex(obj.noncecounter) + ':' + obj.cnonce + ':' + obj.challengeParams['qop'] + ':' + hex_md5(action + ':' + url + ((obj.challengeParams['qop'] == 'auth-int') ? (':' + hex_md5(postdata)) : '')));
|
||||||
h += 'Authorization: ' + obj.renderDigest({ 'username': obj.user, 'realm': obj.challengeParams['realm'], 'nonce': obj.challengeParams['nonce'], 'uri': url, 'qop': obj.challengeParams['qop'], 'response': response, 'nc': obj.noncecounter++, 'cnonce': obj.cnonce }) + '\r\n';
|
h += 'Authorization: ' + obj.renderDigest({ 'username': obj.user, 'realm': obj.challengeParams['realm'], 'nonce': obj.challengeParams['nonce'], 'uri': url, 'qop': obj.challengeParams['qop'], 'response': response, 'nc': nonceHex(obj.noncecounter++), 'cnonce': obj.cnonce }) + '\r\n';
|
||||||
}
|
}
|
||||||
h += 'Host: ' + obj.host + ':' + obj.port + '\r\nContent-Length: ' + postdata.length + '\r\n\r\n' + postdata; // Use Content-Length
|
h += 'Host: ' + obj.host + ':' + obj.port + '\r\nContent-Length: ' + postdata.length + '\r\n\r\n' + postdata; // Use Content-Length
|
||||||
//h += 'Host: ' + obj.host + ':' + obj.port + '\r\nTransfer-Encoding: chunked\r\n\r\n' + postdata.length.toString(16).toUpperCase() + '\r\n' + postdata + '\r\n0\r\n\r\n'; // Use Chunked-Encoding
|
//h += 'Host: ' + obj.host + ':' + obj.port + '\r\nTransfer-Encoding: chunked\r\n\r\n' + postdata.length.toString(16).toUpperCase() + '\r\n' + postdata + '\r\n0\r\n\r\n'; // Use Chunked-Encoding
|
||||||
@ -180,11 +177,13 @@ var CreateWsmanComm = function (host, port, user, pass, tls, tlsoptions, mpsConn
|
|||||||
return t.reduce(function (obj, s) { var parts = s.split('='); obj[parts[0]] = parts[1].replace(new RegExp('\"', 'g'), ''); return obj; }, {})
|
return t.reduce(function (obj, s) { var parts = s.split('='); obj[parts[0]] = parts[1].replace(new RegExp('\"', 'g'), ''); return obj; }, {})
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function nonceHex(v) { var s = ('00000000' + v.toString(16)); return s.substring(s.length - 8); }
|
||||||
|
|
||||||
// NODE.js specific private method
|
// NODE.js specific private method
|
||||||
obj.renderDigest = function (params) {
|
obj.renderDigest = function (params) {
|
||||||
var paramsnames = [];
|
var paramsnames = [];
|
||||||
for (var i in params) { paramsnames.push(i); }
|
for (var i in params) { paramsnames.push(i); }
|
||||||
return 'Digest ' + paramsnames.reduce(function (s1, ii) { return s1 + ',' + ii + '="' + params[ii] + '"' }, '').substring(1);
|
return 'Digest ' + paramsnames.reduce(function (s1, ii) { return s1 + ',' + (((ii == 'nc') || (ii == 'qop')) ? (ii + '=' + params[ii]) : (ii + '="' + params[ii] + '"')); }, '').substring(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
// NODE.js specific private method
|
// NODE.js specific private method
|
||||||
|
@ -86,8 +86,8 @@ var CreateWsmanComm = function (host, port, user, pass, tls) {
|
|||||||
action = action ? action : 'POST';
|
action = action ? action : 'POST';
|
||||||
var h = action + ' ' + url + ' HTTP/1.1\r\n';
|
var h = action + ' ' + url + ' HTTP/1.1\r\n';
|
||||||
if (obj.challengeParams != null) {
|
if (obj.challengeParams != null) {
|
||||||
var response = hex_md5(hex_md5(obj.user + ':' + obj.challengeParams['realm'] + ':' + obj.pass) + ':' + obj.challengeParams['nonce'] + ':' + obj.noncecounter + ':' + obj.cnonce + ':' + obj.challengeParams['qop'] + ':' + hex_md5(action + ':' + url + ((obj.challengeParams['qop'] == 'auth-int') ? (':' + hex_md5(postdata)) : '')));
|
var response = hex_md5(hex_md5(obj.user + ':' + obj.challengeParams['realm'] + ':' + obj.pass) + ':' + obj.challengeParams['nonce'] + ':' + nonceHex(obj.noncecounter) + ':' + obj.cnonce + ':' + obj.challengeParams['qop'] + ':' + hex_md5(action + ':' + url + ((obj.challengeParams['qop'] == 'auth-int') ? (':' + hex_md5(postdata)) : '')));
|
||||||
h += 'Authorization: ' + obj.renderDigest({ 'username': obj.user, 'realm': obj.challengeParams['realm'], 'nonce': obj.challengeParams['nonce'], 'uri': url, 'qop': obj.challengeParams['qop'], 'response': response, 'nc': obj.noncecounter++, 'cnonce': obj.cnonce }) + '\r\n';
|
h += 'Authorization: ' + obj.renderDigest({ 'username': obj.user, 'realm': obj.challengeParams['realm'], 'nonce': obj.challengeParams['nonce'], 'uri': url, 'qop': obj.challengeParams['qop'], 'response': response, 'nc': nonceHex(obj.noncecounter++), 'cnonce': obj.cnonce }) + '\r\n';
|
||||||
}
|
}
|
||||||
//h += 'Host: ' + obj.host + ':' + obj.port + '\r\nContent-Length: ' + postdata.length + '\r\n\r\n' + postdata; // Use Content-Length
|
//h += 'Host: ' + obj.host + ':' + obj.port + '\r\nContent-Length: ' + postdata.length + '\r\n\r\n' + postdata; // Use Content-Length
|
||||||
h += 'Host: ' + obj.host + ':' + obj.port + '\r\nTransfer-Encoding: chunked\r\n\r\n' + postdata.length.toString(16).toUpperCase() + '\r\n' + postdata + '\r\n0\r\n\r\n'; // Use Chunked-Encoding
|
h += 'Host: ' + obj.host + ':' + obj.port + '\r\nTransfer-Encoding: chunked\r\n\r\n' + postdata.length.toString(16).toUpperCase() + '\r\n' + postdata + '\r\n0\r\n\r\n'; // Use Chunked-Encoding
|
||||||
@ -100,12 +100,13 @@ var CreateWsmanComm = function (host, port, user, pass, tls) {
|
|||||||
|
|
||||||
// Split a string on quotes but do not do it when in quotes
|
// Split a string on quotes but do not do it when in quotes
|
||||||
function correctedQuoteSplit(str) { return str.split(',').reduce(function (a, c) { if (a.ic) { a.st[a.st.length - 1] += ',' + c } else { a.st.push(c) } if (c.split('"').length % 2 == 0) { a.ic = !a.ic } return a; }, { st: [], ic: false }).st }
|
function correctedQuoteSplit(str) { return str.split(',').reduce(function (a, c) { if (a.ic) { a.st[a.st.length - 1] += ',' + c } else { a.st.push(c) } if (c.split('"').length % 2 == 0) { a.ic = !a.ic } return a; }, { st: [], ic: false }).st }
|
||||||
|
function nonceHex(v) { var s = ('00000000' + v.toString(16)); return s.substring(s.length - 8); }
|
||||||
|
|
||||||
// Websocket relay specific private method
|
// Websocket relay specific private method
|
||||||
obj.renderDigest = function (params) {
|
obj.renderDigest = function (params) {
|
||||||
var paramsnames = [];
|
var paramsnames = [];
|
||||||
for (i in params) { paramsnames.push(i); }
|
for (i in params) { paramsnames.push(i); }
|
||||||
return 'Digest ' + paramsnames.reduce(function (s1, ii) { return s1 + ',' + ii + '="' + params[ii] + '"' }, '').substring(1);
|
return 'Digest ' + paramsnames.reduce(function (s1, ii) { return s1 + ',' + (((ii == 'nc') || (ii == 'qop')) ? (ii + '=' + params[ii]) : (ii + '="' + params[ii] + '"')); }, '').substring(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Websocket relay specific private method
|
// Websocket relay specific private method
|
||||||
|
Loading…
Reference in New Issue
Block a user